CVE-2025-8077 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-8077 Interim 1 2 2025-11-01T01:02:13Z current 2025-09-22T08:07:38Z 2025-11-01T01:02:13Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-8077 A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in `admin` account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default credentials to obtain an authentication token. This token can then be used to perform any operation via NeuVector APIs. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://github.com/neuvector/neuvector/security/advisories/GHSA-8pxw-9c75-6w56 E-Mail link for GHSA-8pxw-9c75-6w56 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed govulncheck-vulndb-0.0.20250908T141310-1.1 govulncheck-vulndb-0.0.20250908T141310-1.1 as a component of openSUSE Tumbleweed A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in `admin` account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default credentials to obtain an authentication token. This token can then be used to perform any operation via NeuVector APIs. CVE-2025-8077 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250908T141310-1.1 critical